RanRans Ransomware

RanRans Ransomware is the new Hidden-Tear ransomware that was built by a malicious cyber crook who wants nothing else but your money. Once the infection is executed, it quickly encrypts files, after which, the screen is locked, and the victim is forced to read the ransom demands. If you have paid the ransom already, the chances are that your files are still encrypted and the screen is still locked. Our research team has researched hundreds of malicious ransomware infections, and, unfortunately, only a few of them were found to provide victims with tools/keys/passwords that enabled the decryption of files. As you might know, new ransomware threats emerge every day (the most recent ones include Aleta Ransomware, Azer Ransomware, and Gansta Ransomware), and more and more users are becoming victims of this devious malware. Continue reading to learn how to avoid this malware, as well as how to delete RanRans Ransomware if it has invaded already.

Corrupted spam emails are often employed by the distributors of ransomware, and so it is not surprising that the malicious installer of RanRans Ransomware has been found to spread via spam as well. Once the unsuspecting victim executes the launcher of this ransomware, it silently connects to a C&C server, ranrans.000webhostapp.com/write.php?info=. It is not yet clear what the purpose behind this is, but it is most likely that the ransomware acquires an encryption key or sends it to this C&C server after generating it on the PC. According to our research, the threat uses the AES (Advanced Encryption Standard) cipher to encrypt data. At the time of analysis, this ransomware was encrypting files only in %USERPROFILE% and %ALLUSERSPROFILE% directories (including all subfolders). Needless to, personal files are the main target of this malicious infection. As RanRans Ransomware encrypts files, it simultaneously adds the “.ranrans” extension to make it easier to identify the corrupted ones.

As soon as the threat is done with the encryption, it locks the screen and displays a full-screen message informing you that your files were encrypted. In cases like this, it is very important to check if your files were actually encrypted; especially if you are thinking of paying the ransom. That is because there are plenty of screen-lockers that pose as file-encrypting ransomware, when, in reality, the files are not affected at all. Of course, RanRans Ransomware does encrypt files. The ransom note suggests that the files can be recovered if you pay a ransom of 50 USD to 1EkL3c68MYv5MvchU4FHRYCjEj4DKAerG9. The message also provides three links that allegedly represent decryption software. When testing the threat, our researchers found that the installer has been taken down on all three links, and so you cannot download anything. Overall, even if the installation was possible, paying the ransom is too risky, and so our researchers do not recommend it.

The ransom note represented by RanRans Ransomware asks to share your email address and the name of the infected PC when paying the ransom. That might be necessary for cyber criminals to identify the victim, but disclosing personal contact information is always dangerous. The chances that your email address would be used to expose you to malware and scams in the future are pretty high, and so if you choose to share an email address, we advise creating a new one. Overall, we do not recommend fulfilling the demands of cyber criminals at all. What we recommend is looking into legitimate file decryption tools (unfortunately, it is unlikely that any will work) and then checking your backups

Although RanRans Ransomware can lock your screen, it is very easy to unlock it. You simply need to kill a malicious process via the Task Manager. Before you do that, you need to find the malicious launcher. Of course, you must remove this file. That is pretty much all you need to do to have RanRans Ransomware deleted. Of course, that is not all you have to do overall. It is essential that you install security software capable of protecting your operating system full-time. If you skip this step, malware could slither in again and again. Another thing we recommend is finding a way to back up your files so that they would not be in danger of being encrypted, deleted, or lost.